Skip to content
This repository has been archived by the owner on Oct 10, 2022. It is now read-only.

found 2 low severity vulnerabilities #291

Open
Suzakura opened this issue Oct 16, 2020 · 1 comment
Open

found 2 low severity vulnerabilities #291

Suzakura opened this issue Oct 16, 2020 · 1 comment

Comments

@Suzakura
Copy link

Bug Report

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance


  Low             Denial of Service
  Package         mem
  Patched in      >=4.0.0
  Dependency of   cgb-scripts [dev]
  Path            cgb-scripts > webpack > yargs > os-locale > mem
  More info       https://npmjs.com/advisories/1084

  Low             Prototype Pollution
  Package         yargs-parser
  Patched in      >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
  Dependency of   cgb-scripts [dev]
  Path            cgb-scripts > webpack > yargs > yargs-parser
  More info       https://npmjs.com/advisories/1500

cgb-scripts@1.23.1

I run "npm audit" it show 2 low severity vulnerabilities for cgb-scripts.

@davidfcarr
Copy link

Worrying about the same issue (not sure how worried I should be).

Running npm audit fix just gives a message saying manual intervention is required, apparently because of dependencies in cgb-scripts

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants